|One Step Ahead: Security and Privacy Made Simple
October 19, 2010,
Volume 57, No. 08
Another tip in a series provided by the Offices of Information Systems & Computing and Audit, Compliance & Privacy.
Beware of Malicious Invitations
Social and business networking sites have become part of many users’ everyday computing experience. Websites like Facebook and LinkedIn allow you to easily stay up to date with a large number of peers and colleagues.
Unfortunately, the popularity of these sites also make them a desirable target for scammers. A recent example includes a fake LinkedIn invitation, indistinguishable on the surface from a real invitation, except that hovering over the web links in the message shows that the unsuspecting victim would be taken to a website that was not LinkedIn.com. Clicking on the link causes malicious software that collects personal information such as banking credentials to be installed in the user’s browser.
So what can you do? First off, disregard invitations from people that you don’t know. Second, rather than click through to your social or business networking site from your e-mail, open your browser and type in the address yourself. If it’s a valid invitation it will be waiting for you when you log in. Lastly, be wary of any suspicious links delivered via these services. Angelina Jolie wants to be your friend? Someone claiming to forward an embarrassing video taken of you that you need to click on NOW? If you take a moment to think about it, these seem pretty unlikely. When in doubt – ask! It pays to check with the friend or colleague first to make sure they actually sent you the picture, video, or attachment that you are about to open. Your Local Support Provider can also help, as they’ve likely seen similar scams before.